<?php
    require ('db_connection.php');
    $oldPass = $_POST['oldPass'];
    $newPass = $_POST['newPass'];
    $cnewPass = $_POST['cnewPass'];
    $userID = $_COOKIE['user'];
   
    $query4 = "SELECT password('$oldPass')";
    $result4 = mysql_query($query4);
    while ($row = mysql_fetch_array($result4))
    {
      $oldPass = $row["password('$oldPass')"];
    }
    
    $qpass = "SELECT * FROM tblclient WHERE userID='$userID'";
    $rpass = mysql_query($qpass);
    while ($row = mysql_fetch_array($rpass))
    {
      $pass = $row['cpassword'];
    }

    if($oldPass==$pass)
    {
        if($newPass==$cnewPass)
        {
            $query = "UPDATE tblclient SET cpassword=PASSWORD('$newPass') WHERE userID='$userID'";
            $result = mysql_query($query);

            if($result)
            {
              echo " <script>alert('Your password has been changed!')</script> ";
              echo ("<script> document.location.href='index.php'</script>");
            }
            else
            {
              echo " <script>alert('Update failed!')</script> ";
              echo ("<script> history.back();</script>");
            }
        }
        else
        {
            echo " <script>alert('The password your new password did not match')</script> ";
            echo ("<script> history.back();</script>");
        }
    }
    else
    {
        echo " <script>alert('Verify password!')</script> ";
        //echo ("<script> history.back();</script>");
    }


?>
